4.6 Information Gathering Explained
Key Concepts
1. Passive Reconnaissance
Passive Reconnaissance involves gathering information about a target without directly interacting with the target's systems. It relies only on publicly available data sources such as search engines, social media, and public records, so it is non-intrusive and generates no traffic to the target.
Example: A penetration tester might use Google to search for publicly available documents, such as PDFs or spreadsheets, that contain sensitive information about the target organization.
2. Active Reconnaissance
Active Reconnaissance involves interacting directly with the target's systems to gather information, using techniques such as port scanning, ping sweeps, and DNS queries. Because these probes reach the target's hosts and name servers, active reconnaissance is more intrusive: the traffic can be logged and may alert the target to the tester's activities.
Example: A penetration tester might use Nmap to perform a port scan on the target organization's network to identify open ports and running services.
3. OSINT (Open Source Intelligence)
OSINT involves collecting intelligence about a target from publicly available sources, such as social media, news articles, public databases, and other open sources. It is the main form of passive reconnaissance, since it requires no contact with the target's systems.
Example: A penetration tester might use Maltego to map out the relationships between a target domain and its associated IP addresses, email addresses, and social media profiles.
4. Social Engineering
Social Engineering involves manipulating individuals into divulging confidential information through phishing, pretexting, and other techniques that exploit human psychology rather than technical flaws.
Example: A penetration tester might send a phishing email to employees of the target organization, posing as a legitimate entity, to trick them into revealing their login credentials.
Examples and Analogies
Consider a detective investigating a crime as an analogy for information gathering:
1. Passive Reconnaissance: The detective gathers information from public records, news articles, and social media to build a profile of the suspect without directly interacting with them.
2. Active Reconnaissance: The detective visits the crime scene, interviews witnesses, and collects physical evidence to gather detailed information about the crime.
3. OSINT: The detective uses publicly available sources, such as court records and news reports, to gather intelligence about the suspect's past activities and associates.
4. Social Engineering: The detective uses a ruse to trick a suspect or witness into revealing information, such as posing as a fellow officer or a concerned citizen.
By understanding and applying these information gathering techniques, penetration testers can collect the intelligence they need to identify potential vulnerabilities and plan the rest of the engagement.